Search in Site

Is Your Online Patient Interaction HIPAA Compliant?

September 28, 2015
No Comments

As more and more patients are turning to the Internet to conduct a consultation for aesthetic surgery, the need for patient privacy and HIPAA compliancy has never been greater. This interview with San Francisco board-certified plastic surgeon, Dr. Scott Mosser, explains the importance of HIPAA compliancy and what steps an aesthetic practitioner can take to be compliant. Dr. Mosser utilizes AestheticLink, an integrated software solution that is HIPAA compliant and endorsed by leading malpractice insurance companies. With a busy Bay Area practice, Dr. Mosser uses AestheticLink for a multitude of purposes including virtual consulting, patient tracking, inventory control and marketing. His philosophy of improvement through plastic surgery happens through establishing harmony, not by manipulating a patient’s fundamental appearance. Enhancing people’s lives and witnessing positive changes in self confidence are key reasons Dr. Mosser chose plastic surgery as his profession, and are the reasons that he loves performing plastic surgery everyday. Patient privacy is important to Dr. Mosser. Learn more at www.drmosser.com.

As the methods of patient interface and interaction continue to change and grow, the need for security when it comes to patient privacy has never been greater. A HIPAA violation can cost a medical practice hundreds of thousands of dollars and a privacy breach can begin as early as the first email inquiry from a prospective patient. If you thought you knew all there was to know about ensuring that your practice is HIPAA compliant, you may want to think again. Board certified plastic surgeon Dr. Scott Mosser, who runs a busy San Francisco, CA aesthetic practice, has incorporated leading-edge technology into his practice and understands first-hand the importance of playing safe.

Can You Explain The Importance of HIPAA?

HIPAA is the Health Insurance Portability and Accountability Act. It was passed by congress in 1996 and is literally an act of congress. HIPAA not only applies to doctors but also to hospitals, insurance companies, and any person or business involved in an individual’s healthcare. It is becoming more relevant now because information is being broadcast more widely, and more rapidly, and in smaller packets of information due to technology. One of the primary goals of the law is to protect the confidentiality and security of healthcare information.

Why Is HIPAA Compliance More Relevant Now?

Many aesthetic practices are spending money on SEO and the Internet as a means to attract new patients. They are also communicating with patients through email, smartphones and texting and for many this is very non-secure as a third-party is involved in the transmission. What I mean by that is if somebody were, for example, to submit information online whereby their name and even an area of medical interest was attached to that name was sent on email to a doctor that email could be in violation of HIPAA law as it is not secure. Let’s say somebody named Jane Smith submits her name and also submits “I’m interested in breast augmentation” to an email address found on a doctor’s website, just that little bit of information is already considered protected health information. Also, if a staff member were to text a patient a day or two after a procedure to see how they are doing, as innocent as this, it is still sensitive information that could be leaked and is therefore in violation. When HIPAA first came about it applied to larger amounts of information, but in this age of technology it is also relevant for even smaller bits of information.

Is Email And Texting Considered A Violation?

It can be if a doctor or healthcare provider is using a third party that is not secure. For instance, if the practice emails or smartphone texts are hosted through a regular Internet or telephone company then it is most likely not secure. Like I said, this is an Act of Congress, therefore these third party companies would have to have a signed agreement with the doctor’s practice stating that their service was secure and HIPAA complaint. While many email service and telephone providers say they are private and secure, they are still not secure enough for HIPAA. At the moment, the only trusted one of the very few HIPAA compliant sources for patient interaction within medical aesthetics is AestheticLink. If a practice is not using AestheticLink or proven safe and HIPAA compliant software solution, then let this be a wake-up call. Doctors can’t risk the high cost consequences of just sending emails and texts to patients. It could cost a huge amount to their medical practice as HIPAA fines are high and are growing exponentially.

Is The Current State of Healthcare and Insurance Changing How We View Privacy?

None of us really know where the future of healthcare or health insurance is going. What we do know is that many insurance companies are setting more limitations, especially on pre-existing conditions. Due to this, most people agree that they want their health information to remain private. It should be kept separate and out of the public domain. Theoretically any third party individual could be listening in on the information stream of emails and texts and could be collecting patient information without having permission. We must all understand that even one slip of a patient conversation could impact that patient in many ways in the future. What they reveal to us in their initial screening must remain private.

How Has AestheticLink Solved This Problem?

Healthcare entities are beginning to realize the dangers of email and text messaging, and many of the other elements of social media or twitter hashtags. What was needed is a guardian of that information that is accessible to the patient, that’s easy to understand, and that can make good on its promise to keep all of these interactions a secret for everybody. AestheticLink is that guardian and as far as I know is the only software solution that provides the doctor-patient interface in a cloud based portal that is HIPAA compliant and is also endorsed by leading malpractice insurance companies. They make it very easy for a patient to consult with a doctor, upload all of their personal health information and photos through a secure portal, and continue a private dialogue before and after undergoing any procedures. It’s a great system. As long as everyone logs into the cloud portal to communicate with the patient, whether it’s from a computer, a smartphone or a tablet, the information and conversations are kept strictly private and secure.

Does This Sense Of Security Help You Become A Better Doctor?

Absolutely I’m able to reach beyond my city’s borders for new patients and that means being able to develop dialogue with a patient at a distance without being concerned about a privacy breach. In the early days of the Internet I don’t think we really understood how bad email security was and thought if I put a 2-line disclaimer at the end of my email then that’s going to be fine and I’ll be compliant. I now am fully confident about giving patients a full evaluation without editing my words, or tip-toeing around a sensitive issue such as an HIV infection, hemophilia, etc. Once a patient enters into a secure portal like the one AestheticLink has developed I am able to be a doctor again.